On Mon, 26 Feb 1996 hallam@w3.org wrote:
> A trick I introduced into SEA was to always apply a random mask to
> each shared secret on each transaction. This is equivalent to the
> nonce "increment" idea but it's essentially a replacement for challenge
> response.
>
> The client sends to the server KD(key | mask, Date, URI) where mask
> is a random value chosen by the client. The server must then check to
> ensure that the value of mask is not re-used within a time-frame
> defined about date by the server.
>
This is a very good idea, but I agree with what you say below that
we should perhaps wait for WRAPPED transactions to "achieve perfection."
One advantage it has over incrementing nonces is that I worry a little about
generating a whole sequence of digests on data which has a byte
incremented each time. Does anyone know if MD5 is vulnerable given
this kind of data?
>
> I think that we should not try to achieve perfection on digest auth
> since we will be able to do much much more with WRAPPED transactions.
> I see digest as a drop in replacement for BASIC. This is why I was
> prepared to see the compromises involved in its design. My original
> suggestion _did_ wrap the message and Jeff objected (rightly) that
> it was no longer a direct BASIC replacement.
>
I agree completely!
John Franks Dept of Math. Northwestern University
john@math.nwu.edu
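
The server-side check described in the quoted proposal, as an added example that is not part of the original messages or of SEA. Assumptions: "key | mask" is read as concatenation, HMAC-SHA256 stands in for KD, Date is an integer timestamp in seconds, and the 300-second window and all names are hypothetical.

```python
import hashlib
import hmac
import os

WINDOW = 300  # seconds accepted either side of Date (assumed value)


def kd(key: bytes, mask: bytes, date: int, uri: str) -> bytes:
    # Assumption: "key | mask" is concatenation; HMAC-SHA256 stands in
    # for the keyed digest KD of the original proposal.
    msg = f"{date}:{uri}".encode()
    return hmac.new(key + mask, msg, hashlib.sha256).digest()


def client_request(key: bytes, uri: str, now: int):
    # Client side: a fresh random mask for every transaction.
    mask = os.urandom(16)
    return mask, now, kd(key, mask, now, uri)


class MaskVerifier:
    """Server side: accept each mask at most once inside the Date window."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # mask -> Date under which it was accepted

    def verify(self, mask, date, uri, digest, now):
        # Forget masks whose Date has left the window; replaying them
        # would already fail the freshness check below.
        self.seen = {m: d for m, d in self.seen.items()
                     if abs(now - d) <= self.window}
        if abs(now - date) > self.window:
            return "stale"
        # Check the digest before touching the cache, so unauthenticated
        # requests cannot fill it with masks.
        if not hmac.compare_digest(kd(self.key, mask, date, uri), digest):
            return "bad-digest"
        if mask in self.seen:
            return "replay"
        self.seen[mask] = date
        return "ok"
```

The cache only has to hold masks for the length of the window, because Date is covered by the digest and a captured request cannot be re-dated without the key.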